Youstin (@iustinbb) 's Twitter Profile
Youstin

@iustinbb

Bug Bounty
youst.in
hackerone.com/youstin

ID: 1255163429746348038

28-04-2020 15:54:20

58 Tweet

4,4K Followers

326 Following

d0nut 🦀 (@d0nutptr) 's Twitter Profile Photo

Had a blast working on a project last night with Youstin. We ended up taking an existing bug bounty tool and building a version in rust that was over 20x faster. Old (py): 2m15s. New (rust): 6s.

HolyBugx (@holybugx) 's Twitter Profile Photo

Found a 0day on a famous third-party vendor in a collaboration with Youstin and bend theory. Fair enough, the old versions are secure, new versions are affected. More info after vendor patch.

d0nut 🦀 (@d0nutptr) 's Twitter Profile Photo

Introducing ripgen - A rust-based version of the popular dnsgen python utility by myself and Youstin. crates.io/search?q=ripgen github.com/resyncgg/ripgen

d0nut 🦀 (@d0nutptr) 's Twitter Profile Photo

It was fairly difficult getting back into writing, but with the help of a couple of awesome reviewers I've finally released my latest blog post: Eliminating Authorization Vulnerabilities with Dacquiri d0nut.medium.com/eliminating-au…

Corben Leo (@hacker_) 's Twitter Profile Photo

1/ First, let's talk background: How does ASP[.]NET get its configuration settings? (Like database connections) In the documentation: By default, it's "configured to read from `appsettings.json`, environment variables" and more. It gives an example that shows

James Kettle (@albinowax) 's Twitter Profile Photo

Thanks to everyone who attended Browser-Powered Desync Attacks, hope you enjoyed it! If you missed it but you're in the area, I'll be doing a repeat at 15:30 on Friday at #DEFCON. You can find the whitepaper, slides, code and labs at portswigger.net/research/brows…

Youstin (@iustinbb) 's Twitter Profile Photo

If anyone needs to extract regex patterns from a list of urls, I wrote a tool for it. github.com/iustin24/rextr… It's pretty fast and also supports PCRE.

Youstin (@iustinbb) 's Twitter Profile Photo

I'm excited to release the first version of a context-discovery tool I've been working on. github.com/iustin24/chame… - Chameleon can automatically detect the technologies running on a host and adapt to a calibrated wordlist. youst.in/posts/context-…

Omer Gil (@omer_gil) 's Twitter Profile Photo

New research: How we abused repository webhooks to access internal CI systems at scale. cidersecurity.io/blog/research/… 1/

Sam Curry (@samwcyo) 's Twitter Profile Photo

New blog post detailing some findings from auditing the Next.js ecosystem: "Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library" Huge thanks to shubs and Brett Buerhaus for helping explore this! samcurry.net/universal-xss-…

d0nut 🦀 (@d0nutptr) 's Twitter Profile Photo

Hey! You! Yea, you! Does the idea of protecting billions of assets seem interesting? Are you a junior to mid-level #AppSec engineer that knows how to code? Are you authorized to work in the United States? Then you sound like a perfect fit for Robinhood's Appsec team! #Hiring

Youstin (@iustinbb) 's Twitter Profile Photo

Chameleon v1.1.0 is now live with new features 🎉 - JSON output - Fuzz using multiple HTTP methods - Save output to a file - Minor bug fixes github.com/iustin24/chame…

Youstin (@iustinbb) 's Twitter Profile Photo

If you want to find domains associated to an organization, you can explore DuckDuckGo's tracker-radar. It's a publicly accessible dataset that stores web tracking information, including domains operated by an organization. github.com/duckduckgo/tra…

CMD - Constantin (@cmd_0_0) 's Twitter Profile Photo

It's finished! First LHE in Romania organised by Superbet Romania! We have the winners, congrats Youstin & nytr0gen 😍 Also a big thank you for all the participants! See you next year! Thank you HackerOne for helping us organising the event #BugBounty #hackerone

Youstin (@iustinbb) 's Twitter Profile Photo

I’m happy to have won first place together with nytr0gen at Superbet’s LHE. Defcamp was awesome, I’m really looking forward to next year’s event. Also shoutout to CMD - Constantin for organizing the LHE🎉
